This invention relates generally to programming languages and, more specifically, relates to security models for programming languages.
The purpose of language-based security is to make applications more secure by embedding security mechanisms inside the programming languages in which those applications are written. See D. Kozen et al., “Language-based security”, in Proc. Conf. Mathematical Foundations of Computer Science (MFCS'99), volume 1672 of Lecture Notes in Computer Science, pages 284-298, Springer-Verlag, September 1999. The advantages of this method are multiple. For example, developers are not required to implement ad hoc security mechanisms, an often error-prone and time-consuming approach. Furthermore, applications developed on top of a language that supports certain security mechanisms can be designed with security in mind, and are easily portable from one platform to another. Finally, writing more secure applications when support is embedded in the underlying language can often be as simple as calling certain libraries. This greatly simplifies secure code development even for people who are not security experts. However, most programming languages do not have sufficient security mechanisms built in, and requiring a developer to use libraries in order to provide security means that mistakes will be common.
One attempt to improve certain aspects of security is through the use of actor-based languages. In such languages, components are completely isolated from each other and communication is via message passing only. Nonetheless, these types of languages have additional problems explained in more detail below.